Justi Opublikowano 14 Grudnia 2015 Zgłoś Udostępnij Opublikowano 14 Grudnia 2015 proszę o pomoc w usunięciu Addition.txt FRST.txt Shortcut.txt Odnośnik do komentarza
picasso Opublikowano 14 Grudnia 2015 Zgłoś Udostępnij Opublikowano 14 Grudnia 2015 (edytowane) Działania do przeprowadzenia: 1. Odinstaluj zbędny Akamai NetSession Interface, starą wersję Java 8 Update 45 oraz adware WinZipper. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: R2 IhPul; C:\Users\Justyna\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com) R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: ) R2 WdMan; C:\ProgramData\5WdM5\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ShortcutWithArgument: C:\Users\Justyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 ShortcutWithArgument: C:\Users\Justyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 ShortcutWithArgument: C:\Users\Justyna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 ShortcutWithArgument: C:\Users\Justyna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 ShortcutWithArgument: C:\Users\Justyna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 ShortcutWithArgument: C:\Users\Justyna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms} HKU\S-1-5-21-2237237147-802211931-1834638873-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 HKU\S-1-5-21-2237237147-802211931-1834638873-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms} SearchScopes: HKU\S-1-5-21-2237237147-802211931-1834638873-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms} SearchScopes: HKU\S-1-5-21-2237237147-802211931-1834638873-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Justyna\AppData\Roaming\Mozilla\Firefox\Profiles\ygfgb4y0.default\extensions\defsearchp@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Justyna\AppData\Roaming\Mozilla\Firefox\Profiles\ygfgb4y0.default\extensions\deskCutv2@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Justyna\AppData\Roaming\Mozilla\Firefox\Profiles\ygfgb4y0.default\extensions\default_newtabff@gmail.com FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Justyna\AppData\Roaming\Mozilla\Firefox\Profiles\ygfgb4y0.default\extensions\yahooprotected@gmail.com StartMenuInternet: FIREFOX.EXE - firefox.exe CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538" CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms} CHR DefaultSearchKeyword: Default -> yoursites123 StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 Task: {160B3703-F659-4BE8-BA5F-ABCAB1106545} - System32\Tasks\UpdateTask => C:\Users\Justyna\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\Justyna\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes RemoveDirectory: C:\Program Files (x86)\SFK RemoveDirectory: C:\ProgramData\5WdM5 RemoveDirectory: C:\ProgramData\tWMiniProt RemoveDirectory: C:\ProgramData\yWdMy RemoveDirectory: C:\ProgramData\Microsoft\Windows\GameExplorer\{94519241-1F6A-4433-8AAA-2E65A912A54A} RemoveDirectory: C:\Users\Justyna\AppData\Roaming\TSv C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\Users\Justyna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chromium.lnk C:\Windows\SysWOW64\pl.html EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Wyczyść przeglądarki z adware: Firefox: Odłącz synchronizację (o ile włączona): KLIK. Menu Pomoc > Informacje dla pomocy technicznej > Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone. Menu Historia > Wyczyść całą historię przeglądania. Google Chrome: Zresetuj synchronizację (o ile włączona): KLIK. Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję Resetowanie ustawień. Zakładki i hasła nie zostaną naruszone. Ustawienia > karta Ustawienia > sekcja Szukaj > klik w Zarządzanie wyszukiwarkami > skasuj z listy yoursites123 (o ile nadal będzie). 4. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale już bez Shortcut. Dołącz też plik fixlog.txt. Edytowane 2 Czerwca 2016 przez picasso Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso Odnośnik do komentarza
Rekomendowane odpowiedzi